Geek Answers Handbook

Android AES 128 encryption

I am trying to implement AES128 encryption on Android. I have a solution running on iPhone with Objective-C, but I have problems porting to Android. I was looking for stackoverflow for a solution, but it looks like I'm doing something wrong. I am new to Java, so I think I have something to do with data, string conversion.

Here is my iPhone encrypted:

char keyPtr[kCCKeySizeAES128+1]; [keyString getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSASCIIStringEncoding]; // CString for the plain text char plainBytes[[plainString length]+1]; [plainString getCString:plainBytes maxLength:sizeof(plainBytes) encoding:NSASCIIStringEncoding]; size_t bytesEncrypted = 0; // Allocate the space for encrypted data NSUInteger dataLength = [plainString length]; size_t bufferSize = dataLength + kCCBlockSizeAES128; void* buffer = malloc(bufferSize); // Encrypt CCCryptorStatus ret = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding | kCCOptionECBMode, keyPtr, kCCKeySizeAES128, NULL, plainBytes, sizeof(plainBytes), buffer, bufferSize, &bytesEncrypted); if (ret != kCCSuccess) { free(buffer); } encryptedData = [NSData dataWithBytes:buffer length:bytesEncrypted];

Here is my Java:

  SecretKeySpec skeySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); byte[] encrypted = cipher.doFinal(plainText.getBytes("UTF-8"));

Using the same key and plaintext in iPhone and Java gives different results. My iPhone result works the way I need, so I'm trying to get Java to give me the iPhone result. I missed something in Java, just not sure what it is.

change

Based on the suggestions below, I changed my Java to this

  byte[] keyBytes = plainTextKey.getBytes("US-ASCII"); SecretKeySpec skeySpec = new SecretKeySpec(keyBytes, "AES"); Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); byte[] encrypted = cipher.doFinal(plainText.getBytes("US-ASCII"));

but I am still getting different results between Android and iPhone.

+6
source share
2 answers

in addition to encoding errors with your plaintext (as indicated in the comments to vcsjones), make sure the encoding is the same for the key string (note that using the original string, such as a password, directly as a crypto key is bad news, use the derivation function key, such as PBKDF2, on the password to get the key).

Also, the encoding string for Java for US-ASCII , not just ASCII , so be sure to use this in your getBytes calls.

EDIT : found your problem: the iOS string is encrypted with an extra null character (0x00) at the end, but java is not. Therefore, encoding "hello world \ 0" in java will give you the same result as "hello world" in iOS

+4
source

Most examples on the Internet are a weak implementation of AES. For the implementation to be strong, a random IV must be used all the time, and the key must be hashed.

For a more secure (random IV + hashed key) cross-platform (android, ios, C #) implementation of AES see my answer here - fooobar.com/questions/139158 / ...

0
source

More articles:


All Articles